ra12r

Everything posted by ra12r

  1. LDTate, I have not been able to do the above yet... I have tried many things to "unblock" this website on that computer. I can get to the internet, but not here. I went to another computer on that same router gate, and it was blocked too. So I rebooted the router, unplugged the computer, rebooted everything, and still the same. I am typing this message from a computer on a different router. So now I think I have something blocking in the router too. I also noticed that there was A BUNCH of blocked sites in Mozilla and IE8, so I deleted all of them.... no change. This all started after I did the antivirus with Microsoft. I have uninstalled that program. Did uninstalling the antivirus cause the issue?! I thought we were almost finished with my problems, and now this new problem. If you can log on directly, I am not opposed to that either, as I can still get on the internet with that computer. I will try and figure out how to take the above information and save it to a flash drive to do the procedure... Do you need to add any more "kill all" to the script?!?!
  2. That is correct. Using your link, my infected computer now does not find this site with my browsers. It acts like I have no internet connection. But if I go to other saved sites, no problem....??? I think the site is blocked now somehow?! Does Microsoft block other sites that are competitors? I am apparently blocked in Mozilla and IE8. Because I can't get to the website, I am definitely not logged in simultaneously. Anyway, I should still be able to get to this website on multiple computers at the same time.
  3. LDTate, after my last post, a notice from Microsoft to update IE 8 came up, so I did, and then another popup (the yellow shield) said there were 108 Microsoft updates required, so I let that go ahead and run... Well, it rebooted itself, and when it restarted I attempted to get back to this website in Mozilla and IE8 and it cannot find it?!?!?! I can get to other sites, but no longer this site. So now I am on a different computer to post this message... HELP?!
  4. LDTate, OK, I rebooted and again the computer loads my desktop pic and then, before it loads the LAN/internet connection icon, the pic disappears and then "re-loads" all choppy and slow. So I know that whatever is loading during this time frame is playing into the symptoms I am having. I would like to DELETE whatever is causing my screen to reload. When I close down the computer it does the reverse: choppy closing pic, then blue screen, then INSTANT pic... but I can't stop the system at that point. The "monster" is connected to something that runs in the above picture list. I have tried to kill each process one at a time till I discover which one does it, but that has not worked to find it at this point. Can you see anything that "loads" between the initial wallpaper pic and the second reload of the wallpaper pic?
  5. I ran Microsoft Essentials and it found nothing. But immediately IE opened by itself and wanted to download stuff... dang!!! But my screen is still "re-loading" very slowly. I think I am going to reboot now.
  6. LDTate, NO, not that I am aware of, but I did uninstall ZoneAlarm a long time ago. I do use Spybot and Malwarebytes, but I don't really ever consciously keep an antivirus program running. I only scan as needed manually.
  7. This is the section that the "monster" works in; when I stop the processes I can affect the symptoms:
path C:\WINDOWS\system32\svchost.exe
command line C:\WINDOWS\System32\svchost.exe -k netsvcs
current directory C:\WINDOWS\system32\
I attached an image of my generic host list that is running, and one of them crashes the whole svchost.
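The svchost.exe -k netsvcs instance above hosts many services inside one process, so killing that one process takes all of them down at once and does not tell you which service is the culprit. The standard way to narrow it down is to list which services each svchost instance hosts (`tasklist /svc`) and then move the suspect services into their own processes (`sc config <service> type= own`), after which Task Manager shows the memory use and crashes per service. The Python below is an added example, not code from the poster or the helper; it parses `tasklist /svc` output and generates those isolation commands. The sample output is constructed for this example, the service names in it are illustrative, and the column layout follows the real command, including the wrapped continuation lines.

```python
import re

# Constructed sample of `tasklist /svc` output (not taken from the original post).
# Service names are illustrative; the column layout follows the real command:
# a wrapped service list continues on indented lines.
SAMPLE_TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
svchost.exe                    832 DcomLaunch, TermService
svchost.exe                   1056 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                   ERSvc, EventSystem, lanmanserver, Schedule,
                                   SENS, Themes, wuauserv
explorer.exe                  1204 N/A
"""

# A top-level row: image name (may contain spaces), PID, then the service list.
_ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")


def parse_tasklist_svc(text):
    """Parse `tasklist /svc` output into a list of {image, pid, services} dicts.

    Header and separator lines are skipped; indented continuation lines are
    appended to the previous row's service list. "N/A" means no services.
    """
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("=") or line.startswith("Image Name"):
            continue
        if line[0].isspace():            # wrapped continuation of the previous row
            if rows:
                rows[-1]["raw"] += " " + line.strip()
            continue
        m = _ROW.match(line)
        if m:
            rows.append({"image": m.group(1), "pid": int(m.group(2)), "raw": m.group(3)})
    for row in rows:
        raw = row.pop("raw")
        row["services"] = [s.strip() for s in raw.split(",")
                           if s.strip() and s.strip() != "N/A"]
    return rows


def svchost_instances(rows):
    """Map each svchost.exe PID to the services it hosts."""
    return {r["pid"]: r["services"] for r in rows if r["image"].lower() == "svchost.exe"}


def services_in_pid(rows, pid):
    """Services hosted by the process with the given PID (empty if none)."""
    for r in rows:
        if r["pid"] == pid:
            return list(r["services"])
    return []


def isolation_commands(services):
    """`sc config` lines that move each service into its own svchost process.

    After a reboot each service runs as a separate svchost.exe, so Task Manager
    shows which one is consuming memory or crashing. Revert with `type= share`.
    """
    return ["sc config %s type= own" % s for s in services]


if __name__ == "__main__":
    rows = parse_tasklist_svc(SAMPLE_TASKLIST)
    for pid, svcs in sorted(svchost_instances(rows).items()):
        print("svchost.exe PID %d hosts %d service(s): %s" % (pid, len(svcs), ", ".join(svcs)))
    print("\n".join(isolation_commands(services_in_pid(rows, 1056))))
```

On the real machine you would run `tasklist /svc > svc.txt` from a command prompt, feed that file to `parse_tasklist_svc`, pick the PID of the svchost instance that crashes (the netsvcs one in the post), run the generated `sc config` lines as an administrator and reboot; once the responsible service is identified, put the others back with `sc config <service> type= share`. This isolates the symptom to a service name, which is what a scan log can then be checked against.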
  8. LDTate, okay, now my computer is still having a slow screen reload. When I close the browser it closes in rows slowly. Now that I have typed more, I am still noticing that my keystrokes are being interrupted. I have not had a generic host services error yet though. I have been looking at the scan reports some myself, and I see stuff loading that I don't want even if they are not viruses. It is getting harder to type as I am missing letters now... Here is the scan:
ComboFix 11-11-19.03 - Sonia Evans 11/19/2011 9:19.6.1 - x86
Running from: c:\internet downloads\ComboFix.exe
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-13 18:41 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-10-21 13:37 . 2011-11-19 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 11:55 . 2011-08-16 10:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-20 11:59 . 2011-10-20 03:28 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-08-31 21:00 . 2009-11-22 23:55 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-21_02.27.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-06-21 02:07 . 2008-04-14 05:15 26368 c:\windows\system32\drivers\USBSTOR.SYS
- 2006-06-21 02:07 . 2008-04-14 04:15 26368 c:\windows\system32\drivers\usbstor.sys
+ 2002-08-29 12:00 . 2008-04-14 05:10 36352 c:\windows\system32\drivers\disk.sys
- 2002-08-29 12:00 . 2008-04-14 04:10 36352 c:\windows\system32\drivers\disk.sys
- 2006-06-09 23:44 . 2011-10-20 03:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-06-09 23:44 . 2011-10-20 03:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-10-16 16:35 . 2011-11-19 09:18 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2011-10-16 16:35 . 2011-10-20 03:41 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-10-21 05:50 . 2011-11-19 09:18 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-10-16 16:35 . 2011-10-20 03:41 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-04 07:56 . 2004-08-04 07:56 151552 c:\windows\system32\scrrun.dll
+ 2011-11-18 11:55 . 2011-11-18 11:55 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2006-06-09 19:30 . 2011-10-22 02:14 126912 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 07:56 . 2004-08-04 07:56 151552 c:\windows\system32\dllcache\scrrun.dll
+ 2004-02-23 08:00 . 2004-02-23 08:00 1386496 c:\windows\system32\msvbvm60.dll
+ 2010-01-27 01:07 . 2011-11-18 11:55 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-05-05 00:40 . 2011-11-19 06:05 15411796 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-10 98304]
"VTTimer"="VTTimer.exe" [2003-05-07 36864]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2011-09-30 11:35 5361272 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-02-10 01:56 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2003-05-07 20:32 36864 -c--a-r- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)
"McciCMService"=2 (0x2)
"gusvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"idsvc"=3 (0x3)
"AMDFusionSVC"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [x]
S3 DCamUSBNW802;PC Camera Capture;c:\windows\system32\DRIVERS\pcam.sys [2006-09-25 269480]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP141
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-16 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-10-15 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: gamls.com\www
Trusted Zone: rexplorer.net\atl
Trusted Zone: rexplorer.net
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Forecastfox: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-19 09:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(832)
c:\windows\system32\ieframe.dll
c:\windows\system32\msls31.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-11-19 09:33:37
ComboFix-quarantined-files.txt 2011-11-19 14:33
ComboFix2.txt 2011-10-21 02:31
ComboFix3.txt 2011-10-14 04:37
ComboFix4.txt 2011-10-12 12:23
ComboFix5.txt 2011-11-19 14:18
.
Pre-Run: 54,731,513,856 bytes free
Post-Run: 61,333,962,752 bytes free
.
- - End Of File - - 01289E168D4171FFFFBC9AE1E6F99AD4
  9. LDTate, thank you for your assistance. I have followed the TDSS and now the computer is running well. I did not see the "re-load" of the screen and my keyboard is typing at speed. Currently my problem, the Generic Host process, is not eating up the memory. Here is a post of the log.
08:53:07.0015 1576 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
08:53:07.0484 1576 ============================================================
08:53:07.0484 1576 Current date / time: 2011/11/19 08:53:07.0484
08:53:07.0484 1576 SystemInfo:
08:53:07.0484 1576
08:53:07.0484 1576 OS Version: 5.1.2600 ServicePack: 3.0
08:53:07.0484 1576 Product type: Workstation
08:53:07.0484 1576 ComputerName: HIGHLANDER
08:53:07.0484 1576 UserName: Sonia Evans
08:53:07.0484 1576 Windows directory: C:\WINDOWS
08:53:07.0484 1576 System windows directory: C:\WINDOWS
08:53:07.0484 1576 Processor architecture: Intel x86
08:53:07.0484 1576 Number of processors: 1
08:53:07.0484 1576 Page size: 0x1000
08:53:07.0484 1576 Boot type: Normal boot
08:53:07.0484 1576 ============================================================
08:53:08.0796 1576 Initialize success
08:54:07.0156 1056 ============================================================
08:54:07.0156 1056 Scan started
08:54:07.0156 1056 Mode: Manual;
08:54:07.0156 1056 ============================================================
08:54:08.0375 1056 Abiosdsk - ok
08:54:08.0609 1056 abp480n5 - ok
08:54:08.0734 1056 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:54:08.0750 1056 ACPI - ok
08:54:08.0968 1056 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:54:08.0968 1056 ACPIEC - ok
08:54:09.0156 1056 adpu160m - ok
08:54:09.0296 1056 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:54:09.0296 1056 aec - ok
08:54:09.0546 1056 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
08:54:09.0546 1056 AFD - ok
08:54:09.0750 1056 Aha154x - ok
08:54:09.0859 1056 aic78u2 - ok 08:54:09.0906 1056 aic78xx - ok 08:54:10.0140 1056 AliIde - ok 08:54:10.0265 1056 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys 08:54:10.0265 1056 AmdK7 - ok 08:54:10.0437 1056 AmdLLD - ok 08:54:10.0546 1056 amsint - ok 08:54:10.0656 1056 AnyDVD (64f24088dbb1d68ee9963f66f8eb68cf) C:\WINDOWS\system32\Drivers\AnyDVD.sys 08:54:10.0656 1056 AnyDVD - ok 08:54:10.0875 1056 asc - ok 08:54:10.0968 1056 asc3350p - ok 08:54:11.0031 1056 asc3550 - ok 08:54:11.0328 1056 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 08:54:11.0328 1056 AsyncMac - ok 08:54:11.0562 1056 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 08:54:11.0562 1056 atapi - ok 08:54:11.0796 1056 Atdisk - ok 08:54:12.0015 1056 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 08:54:12.0015 1056 Atmarpc - ok 08:54:12.0250 1056 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 08:54:12.0250 1056 audstub - ok 08:54:12.0453 1056 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 08:54:12.0453 1056 Beep - ok 08:54:12.0734 1056 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys 08:54:12.0734 1056 BrScnUsb - ok 08:54:12.0937 1056 BrSerIf (c121e10c64318182a6478acae1855ee0) C:\WINDOWS\system32\Drivers\BrSerIf.sys 08:54:12.0937 1056 BrSerIf - ok 08:54:13.0171 1056 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys 08:54:13.0171 1056 BrUsbSer - ok 08:54:13.0265 1056 catchme - ok 08:54:13.0484 1056 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 08:54:13.0484 1056 cbidf2k - ok 08:54:13.0734 1056 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 08:54:13.0734 1056 CCDECODE - ok 08:54:13.0937 1056 cd20xrnt - ok 08:54:14.0062 1056 Cdaudio 
(c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 08:54:14.0062 1056 Cdaudio - ok 08:54:14.0281 1056 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 08:54:14.0281 1056 Cdfs - ok 08:54:14.0546 1056 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 08:54:14.0546 1056 Cdrom - ok 08:54:14.0781 1056 Changer - ok 08:54:15.0046 1056 CmdIde - ok 08:54:15.0187 1056 cmuda (d9b11a34a4efbd4e12b719c89f09bef3) C:\WINDOWS\system32\drivers\cmuda.sys 08:54:15.0218 1056 cmuda - ok 08:54:15.0421 1056 Cpqarray - ok 08:54:15.0531 1056 dac2w2k - ok 08:54:15.0609 1056 dac960nt - ok 08:54:15.0828 1056 DCamUSBNW802 (34a8699292b57abbbf2ace00b87f9d2d) C:\WINDOWS\system32\DRIVERS\pcam.sys 08:54:15.0843 1056 DCamUSBNW802 - ok 08:54:16.0109 1056 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 08:54:16.0109 1056 Disk - ok 08:54:16.0375 1056 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 08:54:16.0406 1056 dmboot - ok 08:54:16.0671 1056 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 08:54:16.0671 1056 dmio - ok 08:54:16.0937 1056 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 08:54:16.0937 1056 dmload - ok 08:54:17.0125 1056 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 08:54:17.0125 1056 DMusic - ok 08:54:17.0343 1056 dpti2o - ok 08:54:17.0562 1056 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 08:54:17.0562 1056 drmkaud - ok 08:54:17.0843 1056 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 08:54:17.0843 1056 ElbyCDIO - ok 08:54:18.0093 1056 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 08:54:18.0093 1056 Fastfat - ok 08:54:18.0312 1056 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 08:54:18.0312 1056 Fdc - ok 
08:54:18.0515 1056 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys 08:54:18.0515 1056 FETNDIS - ok 08:54:18.0718 1056 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 08:54:18.0718 1056 Fips - ok 08:54:18.0953 1056 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 08:54:18.0953 1056 Flpydisk - ok 08:54:19.0156 1056 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 08:54:19.0171 1056 FltMgr - ok 08:54:19.0390 1056 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 08:54:19.0390 1056 Fs_Rec - ok 08:54:19.0593 1056 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 08:54:19.0609 1056 Ftdisk - ok 08:54:19.0828 1056 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 08:54:19.0843 1056 gameenum - ok 08:54:20.0078 1056 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 08:54:20.0078 1056 Gpc - ok 08:54:20.0312 1056 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 08:54:20.0312 1056 HidUsb - ok 08:54:20.0515 1056 hpn - ok 08:54:20.0656 1056 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 08:54:20.0656 1056 HTTP - ok 08:54:20.0875 1056 i2omgmt - ok 08:54:20.0953 1056 i2omp - ok 08:54:21.0140 1056 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 08:54:21.0140 1056 i8042prt - ok 08:54:21.0359 1056 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 08:54:21.0359 1056 Imapi - ok 08:54:21.0593 1056 ini910u - ok 08:54:21.0718 1056 IntelIde - ok 08:54:21.0796 1056 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 08:54:21.0796 1056 ip6fw - ok 08:54:22.0015 1056 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 08:54:22.0031 1056 IpFilterDriver - 
ok 08:54:22.0218 1056 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 08:54:22.0218 1056 IpInIp - ok 08:54:22.0437 1056 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 08:54:22.0437 1056 IpNat - ok 08:54:22.0765 1056 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 08:54:22.0781 1056 IPSec - ok 08:54:23.0046 1056 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 08:54:23.0046 1056 IRENUM - ok 08:54:23.0281 1056 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 08:54:23.0281 1056 isapnp - ok 08:54:23.0500 1056 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys 08:54:23.0500 1056 Iviaspi - ok 08:54:23.0687 1056 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 08:54:23.0687 1056 Kbdclass - ok 08:54:23.0906 1056 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 08:54:23.0921 1056 kmixer - ok 08:54:24.0125 1056 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 08:54:24.0125 1056 KSecDD - ok 08:54:24.0359 1056 lbrtfdc - ok 08:54:24.0609 1056 MBAMSwissArmy - ok 08:54:24.0765 1056 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 08:54:24.0765 1056 mnmdd - ok 08:54:24.0984 1056 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 08:54:24.0984 1056 Modem - ok 08:54:25.0187 1056 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 08:54:25.0187 1056 Mouclass - ok 08:54:25.0406 1056 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 08:54:25.0406 1056 mouhid - ok 08:54:25.0625 1056 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 08:54:25.0625 1056 MountMgr - ok 08:54:25.0828 1056 mraid35x - ok 08:54:25.0953 1056 MREMP50 
(80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS 08:54:25.0953 1056 MREMP50 - ok 08:54:25.0968 1056 MREMP50a64 - ok 08:54:26.0015 1056 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 08:54:26.0015 1056 MRESP50 - ok 08:54:26.0031 1056 MRESP50a64 - ok 08:54:26.0250 1056 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 08:54:26.0250 1056 MRxDAV - ok 08:54:26.0484 1056 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 08:54:26.0500 1056 MRxSmb - ok 08:54:26.0750 1056 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 08:54:26.0750 1056 Msfs - ok 08:54:27.0015 1056 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 08:54:27.0015 1056 MSKSSRV - ok 08:54:27.0234 1056 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 08:54:27.0234 1056 MSPCLOCK - ok 08:54:27.0453 1056 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 08:54:27.0453 1056 MSPQM - ok 08:54:27.0703 1056 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 08:54:27.0703 1056 mssmbios - ok 08:54:27.0937 1056 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 08:54:27.0937 1056 MSTEE - ok 08:54:28.0156 1056 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 08:54:28.0156 1056 Mup - ok 08:54:28.0375 1056 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 08:54:28.0390 1056 NABTSFEC - ok 08:54:28.0625 1056 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 08:54:28.0640 1056 NDIS - ok 08:54:28.0906 1056 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 08:54:28.0906 1056 NdisIP - ok 08:54:29.0125 1056 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 08:54:29.0125 1056 
NdisTapi - ok 08:54:29.0328 1056 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 08:54:29.0328 1056 Ndisuio - ok 08:54:29.0562 1056 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 08:54:29.0578 1056 NdisWan - ok 08:54:29.0812 1056 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 08:54:29.0812 1056 NDProxy - ok 08:54:30.0078 1056 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 08:54:30.0078 1056 NetBIOS - ok 08:54:30.0296 1056 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 08:54:30.0312 1056 NetBT - ok 08:54:30.0656 1056 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 08:54:30.0656 1056 Npfs - ok 08:54:30.0875 1056 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 08:54:30.0890 1056 Ntfs - ok 08:54:31.0171 1056 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 08:54:31.0171 1056 Null - ok 08:54:31.0375 1056 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 08:54:31.0375 1056 NwlnkFlt - ok 08:54:31.0656 1056 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 08:54:31.0671 1056 NwlnkFwd - ok 08:54:32.0234 1056 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 08:54:32.0250 1056 Parport - ok 08:54:32.0578 1056 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 08:54:32.0578 1056 PartMgr - ok 08:54:32.0812 1056 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 08:54:32.0812 1056 ParVdm - ok 08:54:33.0078 1056 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 08:54:33.0078 1056 PCI - ok 08:54:33.0281 1056 PCIDump - ok 08:54:33.0390 1056 PCIIde - ok 08:54:33.0484 1056 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) 
C:\WINDOWS\system32\drivers\Pcmcia.sys 08:54:33.0484 1056 Pcmcia - ok 08:54:33.0687 1056 PDCOMP - ok 08:54:33.0796 1056 PDFRAME - ok 08:54:33.0859 1056 PDRELI - ok 08:54:34.0031 1056 PDRFRAME - ok 08:54:34.0218 1056 perc2 - ok 08:54:34.0343 1056 perc2hib - ok 08:54:34.0515 1056 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 08:54:34.0515 1056 PptpMiniport - ok 08:54:34.0734 1056 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 08:54:34.0734 1056 Processor - ok 08:54:34.0968 1056 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 08:54:34.0968 1056 PSched - ok 08:54:35.0187 1056 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 08:54:35.0187 1056 Ptilink - ok 08:54:35.0421 1056 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys 08:54:35.0421 1056 PxHelp20 - ok 08:54:35.0609 1056 ql1080 - ok 08:54:35.0703 1056 Ql10wnt - ok 08:54:35.0765 1056 ql12160 - ok 08:54:35.0937 1056 ql1240 - ok 08:54:36.0046 1056 ql1280 - ok 08:54:36.0125 1056 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 08:54:36.0125 1056 RasAcd - ok 08:54:36.0343 1056 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 08:54:36.0343 1056 Rasl2tp - ok 08:54:36.0578 1056 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 08:54:36.0578 1056 RasPppoe - ok 08:54:36.0765 1056 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 08:54:36.0781 1056 Raspti - ok 08:54:36.0984 1056 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 08:54:37.0000 1056 Rdbss - ok 08:54:37.0218 1056 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 08:54:37.0218 1056 RDPCDD - ok 08:54:37.0437 1056 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 
08:54:37.0453 1056 rdpdr - ok 08:54:37.0937 1056 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 08:54:37.0968 1056 RDPWD - ok 08:54:38.0406 1056 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 08:54:38.0406 1056 redbook - ok 08:54:38.0718 1056 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 08:54:38.0718 1056 RTL8023xp - ok 08:54:38.0921 1056 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 08:54:38.0937 1056 rtl8139 - ok 08:54:39.0187 1056 rtl8185 (88b63f291ae10c1b66d2b9ed6921a7df) C:\WINDOWS\system32\DRIVERS\rtl8185.sys 08:54:39.0187 1056 rtl8185 - ok 08:54:39.0500 1056 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 08:54:39.0500 1056 Secdrv - ok 08:54:39.0765 1056 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 08:54:39.0765 1056 serenum - ok 08:54:39.0953 1056 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 08:54:39.0968 1056 Serial - ok 08:54:40.0187 1056 sermouse (1f16931c722c69e4a7866244796c66a0) C:\WINDOWS\system32\DRIVERS\sermouse.sys 08:54:40.0187 1056 sermouse - ok 08:54:40.0546 1056 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 08:54:40.0546 1056 Sfloppy - ok 08:54:40.0781 1056 Simbad - ok 08:54:40.0906 1056 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 08:54:40.0906 1056 SLIP - ok 08:54:41.0109 1056 Sparrow - ok 08:54:41.0250 1056 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 08:54:41.0250 1056 splitter - ok 08:54:41.0500 1056 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 08:54:41.0500 1056 sr - ok 08:54:41.0765 1056 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys 08:54:41.0781 1056 Srv - ok 08:54:42.0031 1056 SSKBFD (2b38da14e1bad3e4227cfcfaeb505239) 
C:\WINDOWS\system32\Drivers\sskbfd.sys
08:54:42.0031 1056 SSKBFD - ok
08:54:42.0250 1056 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
08:54:42.0265 1056 StillCam - ok
08:54:42.0500 1056 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:54:42.0500 1056 streamip - ok
08:54:42.0718 1056 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:54:42.0718 1056 swenum - ok
08:54:42.0937 1056 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:54:42.0937 1056 swmidi - ok
08:54:43.0156 1056 symc810 - ok
08:54:43.0531 1056 symc8xx - ok
08:54:43.0734 1056 sym_hi - ok
08:54:44.0140 1056 sym_u3 - ok
08:54:44.0609 1056 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:54:44.0609 1056 sysaudio - ok
08:54:44.0703 1056 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:54:44.0718 1056 Tcpip - ok
08:54:44.0781 1056 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:54:44.0781 1056 TDPIPE - ok
08:54:44.0843 1056 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:54:44.0843 1056 TDTCP - ok
08:54:44.0890 1056 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:54:44.0890 1056 TermDD - ok
08:54:45.0015 1056 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
08:54:45.0015 1056 tifsfilter - ok
08:54:45.0109 1056 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
08:54:45.0125 1056 timounter - ok
08:54:45.0187 1056 TosIde - ok
08:54:45.0296 1056 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
08:54:45.0328 1056 uagp35 - ok
08:54:45.0390 1056 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:54:45.0390 1056 Udfs - ok
08:54:45.0437 1056 ultra - ok
08:54:45.0531 1056 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:54:45.0546 1056 Update - ok
08:54:45.0640 1056 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:54:45.0640 1056 usbccgp - ok
08:54:45.0703 1056 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:54:45.0703 1056 usbehci - ok
08:54:45.0750 1056 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:54:45.0750 1056 usbhub - ok
08:54:45.0812 1056 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:54:45.0812 1056 usbprint - ok
08:54:45.0875 1056 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:54:45.0875 1056 usbscan - ok
08:54:45.0937 1056 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:54:45.0937 1056 USBSTOR - ok
08:54:45.0984 1056 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:54:45.0984 1056 usbuhci - ok
08:54:46.0015 1056 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:54:46.0031 1056 VgaSave - ok
08:54:46.0140 1056 viagfx (3bcc43e2225851e0aef2a8c27ce420ea) C:\WINDOWS\system32\DRIVERS\vtmini.sys
08:54:46.0140 1056 viagfx - ok
08:54:46.0187 1056 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
08:54:46.0203 1056 ViaIde - ok
08:54:46.0250 1056 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:54:46.0265 1056 VolSnap - ok
08:54:46.0390 1056 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:54:46.0406 1056 Wanarp - ok
08:54:46.0453 1056 WDICA - ok
08:54:46.0515 1056 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:54:46.0515 1056 wdmaud - ok
08:54:46.0781 1056 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:54:46.0796 1056 WSTCODEC - ok
08:54:46.0953 1056 MBR (0x1B8) (cdac57608c39097805c8c958f1f73d97) \Device\Harddisk0\DR0
08:54:46.0953 1056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected
08:54:46.0953 1056 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
08:54:47.0000 1056 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
08:54:47.0140 1056 \Device\Harddisk1\DR1 - ok
08:54:47.0171 1056 Boot (0x1200) (65d618203286eca004a097f30dcfa923) \Device\Harddisk0\DR0\Partition0
08:54:47.0171 1056 \Device\Harddisk0\DR0\Partition0 - ok
08:54:47.0203 1056 Boot (0x1200) (b69aee1c213a7e7fe1e9d3f1721eb166) \Device\Harddisk1\DR1\Partition0
08:54:47.0203 1056 \Device\Harddisk1\DR1\Partition0 - ok
08:54:47.0218 1056 ============================================================
08:54:47.0218 1056 Scan finished
08:54:47.0218 1056 ============================================================
08:54:47.0265 1572 Detected object count: 1
08:54:47.0265 1572 Actual detected object count: 1
08:55:10.0890 1572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - will be cured on reboot
08:55:10.0890 1572 \Device\Harddisk0\DR0 - ok
08:55:10.0890 1572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Cure
08:55:19.0218 0524 Deinitialize success
  10. I have run Malwarebytes multiple times in regular and safe mode. Sometimes it finds 1 or so things, but removing them changes nothing. Have run Spybot and it too really finds not much and changes nothing. When my computer starts it makes it to my wallpaper pic fairly normal, but slower. Then I ALWAYS notice that my wallpaper pic disappears to the background blank color page and then the wallpaper pic gets "re-drawn". Once that happens the computer is changed. But now the refresh is real slow, like in 1/4 screen slices. This is visible when closing or changing screens. My wireless keyboard is also very slow reading the keystrokes. The whole computer gets bound up and when the svcs finally error, then I also lose my sound. But once they finally error, the whole system speeds up. Some consistent errors are the following:
1) appcompat.txt
2) wr34ofdir\appopat.txt
3) svchost.exe -k netsvcs, which uses an excessive amount of memory till it crashes
4) I noticed when everything is running, that there is excessive IP activity and my computer is connected to a bunch of servers......A LOT
HERE is my scan:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Sonia Evans at 19:55:57 on 2011-11-18
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [VTTimer] VTTimer.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: gamls.com\www
Trusted Zone: rexplorer.net\atl
Trusted Zone: rexplorer.net
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1318504715250
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1318649841562
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{29B64B33-71B6-48DC-9796-9058471823B5} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9CEA6E8D-6780-4CBD-B697-934D4F39934C} : DhcpNameServer = 192.168.1.254
Notify: WRNotifier - WRLogonNTF.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sonia evans\application data\mozilla\firefox\profiles\axuvh315.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Forecastfox: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-11-14 03:50:22 -------- d-----w- c:\program files\DriverGuide DriverScan
2011-11-13 18:42:41 -------- d-----w- c:\documents and settings\sonia evans\local settings\application data\Apple Computer
2011-11-13 18:41:32 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-11-13 18:41:11 -------- d-----w- c:\documents and settings\sonia evans\local settings\application data\Apple
2011-10-21 13:37:21 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-21 03:54:04 -------- d-----w- c:\documents and settings\sonia evans\local settings\application data\PackageAware
2011-10-20 03:28:45 -------- d-----w- c:\windows\UltraDefrag
2011-10-20 03:28:03 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
.
==================== Find3M ====================
.
2011-11-18 11:55:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 21:00:50 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600AAJB-00J3A0 rev.01.03E01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8329F4C0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [0x832a68a4]; PUSH ESI; MOV ESI, [ESP+0xc]; PUSH EDI; MOV EDI, [ESI+0x60]; CMP EAX, [0x832a6730]; JNZ 0x1f; MOV [ESP+0xc], ECX; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x83342AB8]
3 CLASSPNP[0xF7EFAFD7] -> nt!IofCallDriver[0x804E37C5] -> \Device\0000005a[0x833472E0]
5 ACPI[0xF7E71620] -> nt!IofCallDriver[0x804E37C5] -> [0x8337E940]
\Driver\atapi[0x833D7218] -> IRP_MJ_CREATE -> 0x8329F4C0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8329F2E0
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:57:37.56 ===============

Here is Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Sansa Media Converter µTorrent Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 7.1.0 Adobe Shockwave Player AnyDVD Apple Application Support Bing Maps 3D Brother MFL-Pro Suite C-Media WDM Audio Driver Collectorz.com Movie Collector DriverGuide DriverScan DVD Shrink 3.2 Engine Analyzer Pro v3.3 Hayabusa ECUeditor for K2-K7, K8- models Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB954550-v5) ImgBurn KM400/KN400 Display Driver and Utilities Malwarebytes' Anti-Malware version 1.51.2.1300 MediaMonkey 2.5 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Office 2000 Premium Microsoft Office 2000 Web Archive Add-On Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Windows Script 5.7 Microsoft Word Supplemental Templates and Wizards Mozilla Firefox (3.6.23) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) Nero OEM Nitrous Log PaperPort PC Camera Capture PC Link Nitrous Power Commander 3 Power Commander 5 Software V1.0.1 Punch! 5 in 1 Home Design Quicken 2005 QuickTime RemotePlayback RTLSetup S3 S3Display S3 S3Gamma2 S3 S3Info2 S3 S3Overlay Sansa Media Converter Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 8 (KB911565) Security Update for Windows Media Player 8 (KB917734) Sid Meier's Civilization 4 Slotman Spybot - Search & Destroy Ultimate Racer 3.0 Ultra Defragmenter Update for Microsoft .NET Framework 3.5 SP1 (KB963707) WebCam WebFldrs XP WEGO Log Windows Genuine Advantage Notifications (KB905474) Windows Imaging Component Windows Internet Explorer 8 Windows Media Format Runtime Windows XP Service Pack 3 WinRAR archiver Xfire (remove only) Xtranormal State Xtranormal State - Showpak-Playgoz-Preview Xtranormal State - SoundPack-Starter Kit Xtranormal State - Voicepack-English-UK-Daniel Xtranormal State - Voicepack-English-UK-Serena Xtranormal State - Voicepack-English-US-Samantha Xtranormal State - Voicepack-English-US-Tom Yahoo! Messenger YOSHIMURA Engine Management Professional
.
==== End Of File ===========================